Analysis Overview
SHA256
5ac7d084908338850bf604c18e0fa43067b1bc658594c4d4f46efa7e94675885
Threat Level: Known bad
The file Shiba.Gold.Cracker.By.DoomMonkey.exe was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Discordrat family
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-03-15 19:02
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-15 19:02
Reported
2024-03-15 19:05
Platform
win11-20240221-en
Max time kernel
90s
Max time network
94s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Shiba.Gold.Cracker.By.DoomMonkey.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Shiba.Gold.Cracker.By.DoomMonkey.exe
"C:\Users\Admin\AppData\Local\Temp\Shiba.Gold.Cracker.By.DoomMonkey.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 162.159.135.234:443 | gateway.discord.gg | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-15 19:02
Reported
2024-03-15 19:02
Platform
android-x64-20240221-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |